VDB
CVE-2016-3088
CVE-2016-3088
PUBLISHED
KEV
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
EPSS 94.28% · 99.9th percentile
Risk Scores
EPSS Score
94.28%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | activemq | *, 0, 5.13.2+dfsg-2 |
Exploit Intelligence
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc-repo)
- wood03mm/CVE-2016-3088 (github-poc)
…and 453 more exploits
Timeline
- Aug 17, 2015 PoC Published
- Jun 1, 2016 CVE Published
- Dec 3, 2016 PoC Published
- Jun 29, 2017 PoC Published
- Jun 29, 2017 PoC Published
- May 10, 2018 PoC Published
- May 29, 2018 PoC Published
- Sep 19, 2018 PoC Published
- Feb 6, 2019 PoC Published
- Oct 21, 2019 PoC Published
- Oct 9, 2020 PoC Published
- Jan 29, 2021 PoC Published
References
- https://ubuntu.com/security/CVE-2016-3088 third-party-advisory
- http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-3088 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory